I agree that this is ultimately a problem with developers lacking security knowledge and general understanding, but my issue with Firestore specifically is that it is a powerful tool that, while it can be adopted as part of a carefully considered tech stack, lends itself most naturally towards being a blunt force instrument used by these kinds of developers.

My main criticism of Firestore is that it offers a powerful feature set that is both extremely attractive to amateur or constrained developers while simultaneously doing a poor job of guiding said amateurs towards creating a secure and well designed backend. In particular, the seemingly expected use case of the technology as something directly interfaced with by apps and other clients, as evidenced by the substantial support and feature set for this use case, is the main issue. This no-code no-management client driven interaction model makes it especially attractive to these developers.

This lack of indirection through an API Gateway or service, however, imposes additional design considerations largely delegated to the security rules which can easily be missed by a beginner. For example:

1. Many examples of amateurs take an open-by-default approach, only applying access and write restrictions where necessary and miss data that should be restricted
2. Some amateurs deploy databases with no access or write restrictions at all
3. There is no way to only allow a “view” of a document to a request, instead a separate document and security rules containing the private fields needs to be created. This can be fairly simple to design around but seems to be a bit of a “gotcha”, plus if you have similar but non identical sets of data that needs to be accessible by different groups it must be duplicated and manually synchronized.
4. Since there is no way to version data models, incompatible changes require complicated workarounds or an increasingly complicated deserialization process on the client side (especially as existing clients continue to write outdated models).
5. Schema validation of data written by clients to the database is handled by security rules, which is seemingly unintuitive or missed by many developers because I’ve seen plenty of projects miss it
6. If clients are writing data directly, it can become fairly complex to handle and subsequently maintain their contributions, especially if the aforementioned private data documents are required or the data model changes.

All of these pitfalls can be worked around (although I would still argue for some layer of indirection at least for writes), but at this point I’ve been contracted to 2 or 3 projects worked on by “professionals” (derogatory) that failed to account for any of these issues and I absolutely sick to death of it. I think a measure of a tools quality is whether it guides a developer towards good practices by design and I have found Firestore to completely fail in that regard. I think it can be used well, and it is perfectly appropriate for small inconsequential (as in data leaks would be inconsequential) single developer projects, but it almost never is.

I absolutely despise Firebase Firestore (the database technology that was “hacked”). It’s like a clarion call for amateur developers, especially low rate/skill contractors who clearly picked it not as part of a considered tech stack, but merely as the simplest and most lax hammer out there. Clearly even DynamoDB with an API gateway is too scary for some professionals. It almost always interfaces directly with clients/the internet without sufficient security rules preventing access to private information (or entire database deletion), and no real forethought as to ongoing maintenance and technical debt.

A Firestore database facing the client directly on any serious project is a code smell in my opinion.

I mean yeah, but people also regularly steal things despite it being against the rules. Like those, wiki rules are enforced (theoretically) as a best effort.

You can’t edit Wikipedia pages on a topic to which you have a close connection/conflict of interest.

Also WP:Notability

I had just turned 17 when the gay marriage plebiscite happened in Australia. I still remember the anger I felt at not being able to vote on my own right to marry.

I was more naive then than I am now, but I also was at twenty.

In my experience, an LLM can write small, basic scripts or equally small and isolated bits of logic. It can also do some basic boilerplate work and write nearly functional unit tests. Anything else and it’s hopeless.

Stuff you buy from physical Aussie store shelves have been validated to meet our standards though. Doesn’t stop me from buying plenty of stuff from AliExpress though

Women have been historically and presently marginalised, yes.

If people want a respectful space to discuss among themselves I don’t see any good reason to force myself into the conversation. Not every space on the internet (or real life) needs to be a stage for the free marketplace of ideas, especially when you’re talking about already marginalised communities who are easily disenfranchised by many of the kinds of people attracted to that style of space.

Personally, looking at the interaction between yourself and the mod, it reads to me like you was the one who was sarcastic and rude.

I think, for me, owning a printer is like owning a van. You’re the only person your friends know who has one, so every time someone needs it you’re the one they ask.

Oh yeah no fair enough, thanks for hearing me out. Those kinds people are exhausting

I agree, it feels like we’ve been arguing over semantics. When I (and I’m assuming the person you originally responded to) say “real”, I don’t mean to claim that it doesn’t have material effects, I mean that it has no biological basis - i.e. it is socially constructed.

You do not need to believe race is a biological reality to acknowledge that the perception of others as you (+ your ancestors) being a member of a race has materially affected your identity

I don’t really think I can come up with a more concise way of summarizing the idea than anthropologist Audrey Smedley did on the first result of the Google search “race social construct”

Race is a culturally structured systematic definition of a way of looking at perceiving and interpreting reality.

I would recommend you read something like “Feminism and ‘Race’” from Oxford Readings in Feminism or some of bell hooks’ work to understand the idea better.

Saying that race isn’t real is not the same as saying that we live in a post-racial society.

I’m not going to remove this comment, but in the future please don’t use misogynistic insults.

This feels more like two questions, so I’ll answer them both:

1. When I’m not programming for my job, I’m programming one of many side projects I have going on at any time. Same with any other professional who has a career in their hobby. These are often projects I think would be useful to me and I believe would let me learn new skills.
2. I use Linux (and MacOS) because the Unix environment, particularly the command line tooling is far superior to Windows. Developers often work on Unix, so they build their tools for the platform and thus improvements stack up. I also just like the FOSS philosophy underpinning most Linux.

If you’re trying to learn programming and know at least some basics, my only advice is to pick a project you’re even a little interested in and get started. Don’t worry about operating system, it doesn’t actually matter that much unless you’re working on iOS or MacOS! A weather app for whatever language/platform you’re working with is usually my first suggestion for students.

There are plenty of legitimate reasons for Google to provide extra support and exceptions to parts of their guidelines to certain parties, including themselves. No one is claiming this is a consequence-neutral decision, and it’s right to not inherently trust these exceptions, but it is not a black and white issue.

In this case, placing extra barriers around sensitive permissions like MANAGE_EXTERNAL_STORAGE for untrusted parties is perfectly reasonable, but the process they implemented should be competent and appealable to a real support person. What Google should be criticized for (and “heavily fined” by the EU if that were to happen) is their inconsistent and often incorrect baseline review process, as well as their lack of any real support. They are essentially part of a duopoly and should thus be forced to act responsibly.

Oh yeah for sure. Google, extremely large companies, and government apps essentially have different streams and access to support than the rest of us mere mortals. They all receive scrutiny, and may have slightly altered guidelines depending on the app, but the most consequential difference is that they have much more ability to access real support. I just don’t think it was an intentional and specific attempt to be anti-competitive, this is better explained by incompetence and the consequences of well-intentioned but poorly implemented policy.

I’ve experienced this exact issue with the Google Play Store with some clients and it’s just the worst. This kinda thing happens because Google is essentially half-arsing an Apple-style comprehensive review of apps. For context, Apple offers thorough reviews pointing to exactly how the app violates policy/was rejected, with mostly free one-on-one support with a genuine Apple engineer to discuss or review the validity of the report/how to fix it. They’re restrictive as hell and occasionally make mistakes, but at the end of the road there is a real, extremely competent human able to dedicate time to assist you.

Google uses a mix of human and automated reviewers that are even more incompetent than Apple’s frontline reviewers. They will reject your app for what often feels like arbitrary reasons, and you’re lucky if their reason amounts to more than a single sentence. Unlike Apple, from that point you have few options. I have yet to find an official way to reach an actually useful human unless you happen to know someone in Google’s Android/Developer Relations team.

I’m actually certain that the issues facing Nextcloud are not some malicious anti-competitive effort, but yet more sheer and utter incompetence from every enterprise/business facing aspect of Google.